Is it possibe root device by direct emmc?

[CoMoBat]

Is it possibe root device by direct emmc?


for some device that can't rooted easy

[layder]

Quote:

Originally Posted by CoMoBat

Is it possibe root device by direct emmc?


for some device that can't rooted easy

You can buy Easy file manager and manually write su file ro system partition. But it not easy procedure, you need select cpu-based su to add it.

[genhack23]

Root isnt only a copy/past in the bin folder need r/w permission in the kernel for new devices

[layder]

Quote:

Originally Posted by genhack23

Root isnt only a copy/past in the bin folder need r/w permission in the kernel for new devices

Really?.....

SuperSU are contains platform-based executables su file:

arm
arm64
armv7
mips
mips64
x64
x86

You need analyze bullp.prop to select right file

[CoMoBat]

Quote:

Originally Posted by layder

Really?.....

SuperSU are contains platform-based executables su file:

arm
arm64
armv7
mips
mips64
x64
x86

You need analyze bullp.prop to select right file

Can we put all su in emmc and test for response?!

[layder]

Quote:

Originally Posted by CoMoBat

Can we put all su in emmc and test for response?!

Use third part files (SU) we may enter into legal conflict with their respective owners, so we will not add them to our program

You can add su files manually with buy EFM license (Emmc File Manager software)
http://forum.gsmhosting.com/vbb/f672...eased-2210118/
License is add write function to EXT partition

[genhack23]

Nope isnt only that. I give you an example, when you open an app, this app make a proces in sandbox mode = user level; if i have root permission i can start an app and start a root (guid 0) process thats mean i have the root privileges, but for do that kernel need to be patched in new phone, becouse evry phone have ToC Trust of chain; if i take off an emmc and push all file in the /bin (this isnt relevant of architecture of phone) this process can be run only in the sandbox mode becouse kernel sandbox it. The last phone do the same work of ios, and you need to patch the kernel before run outside the Box... I hope my explaination is good.

[CoMoBat]

And what about OEM by direct emmc?!
Is it possible do OEM:OFF by direct emmc?!

[CoMoBat]

Quote:

Originally Posted by genhack23

Nope isnt only that. I give you an example, when you open an app, this app make a proces in sandbox mode = user level; if i have root permission i can start an app and start a root (guid 0) process thats mean i have the root privileges, but for do that kernel need to be patched in new phone, becouse evry phone have ToC Trust of chain; if i take off an emmc and push all file in the /bin (this isnt relevant of architecture of phone) this process can be run only in the sandbox mode becouse kernel sandbox it. The last phone do the same work of ios, and you need to patch the kernel before run outside the Box... I hope my explaination is good.

So why superuser.zip worked when we installed it in custome recovery ?!

[genhack23]

Quote:

Originally Posted by CoMoBat

And what about OEM by direct emmc?!
Is it possible do OEM:OFF by direct emmc?!

The old days when you prompt "fastboot oem unlock" are gone my friend, for old device i thinks is possible if you are able to reverse the boot and unlock it with a patch inside. For the new bootloader all need to be "trusted" cpu to secure boot to bootloader to second stage to kernel and bla bla bla.. Crypto is the problem, and the solution is change our job.... LOL

Read somethings is better than talk

Quote:

https://lineageos.org/engineering/Qualcomm-Firmware/

Quote:

Originally Posted by CoMoBat

So why superuser.zip worked when we installed it in custome recovery ?!

Becouse in the old phone the security was low level, patch the ramdisk and make the root. Take a look on the url, you will find better explaination then mine

[CoMoBat]

Quote:

Originally Posted by genhack23

The old days when you prompt "fastboot oem unlock" are gone my friend, for old device i thinks is possible if you are able to reverse the boot and unlock it with a patch inside. For the new bootloader all need to be "trusted" cpu to secure boot to bootloader to second stage to kernel and bla bla bla.. Crypto is the problem, and the solution is change our job.... LOL

Read somethings is better than talk

I think its like FRP and its possible for OEM OFF by direct emmc
For example I want do OEM OFF for J701F in android 8.1 that it is not in developer option...

Really I want root J701F but OEM is ON and I can't root it or write TWRP or downgrade it now

How can I root or do OEM OFF?!

[genhack23]

Quote:

Originally Posted by CoMoBat

I think its like FRP and its possible for OEM OFF by direct emmc
For example I want do OEM OFF for J701F in android 8.1 that it is not in developer option...

Really I want root J701F but OEM is ON and I can't root it or write TWRP or downgrade it now

How can I root or do OEM OFF?!

Thats is what i mean we need to change our job. At moment i think you cant in the same ways in the past. Idk if the remove frp in the tool can be useful on android 8 for two reason FullDiskEncryption On and TrustOfChain, oem function is not allowed on every phone.the only ways is like jailbreak in ios, make a lot of exploit for breach security and patch it after, but isnt for all ...

Edit: i take a look on the shell and the are a lot of combination with a dev Boot, if you flash that file odin mode you can try to remove frp, after that you can try to root, and remember say in any case thanks to people who find this awesome packet becouse for ios are a dream to have and if one is stoled from factory 1 can be flash only for the mobo signed for it!